CVEs from 2022
- Total: 5,243
- Critical: 92
- High: 1,233
- Medium: 961
- Low: 24
- % Critical: 1.8%
- % with KEV: 2.5%
- % with exploit: 3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | Description | OS | Vendor | Published |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23967 | unknown | — | — | — | ||||
| CVE-2022-35042 | unknown | — | — | — | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11. | |||
| CVE-2022-0886 | unknown | — | — | — | ||||
| CVE-2022-38529 | unknown | — | — | — | tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflow via the component rleUncompress. | |||
| CVE-2022-23122 | unknown | — | — | — | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists with… | |||
| CVE-2022-48653 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, t… | |||
| CVE-2022-23481 | unknown | — | — | — | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain an Out of Bound Read in xrdp_caps_process_confi… | |||
| CVE-2022-43516 | unknown | — | — | — | A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI) | |||
| CVE-2022-1056 | unknown | — | — | — | Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with com… | |||
| CVE-2022-48579 | unknown | — | — | — | UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | |||
| CVE-2022-49341 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog->jited_len along prog->jited syzbot reported an illegal copy_to_user() attempt from bpf_prog_get_info_by_f… | |||
| CVE-2022-31608 | unknown | — | — | — | NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead t… | |||
| CVE-2022-23820 | unknown | — | — | — | ||||
| CVE-2022-32325 | unknown | — | — | — | JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. | |||
| CVE-2022-35034 | unknown | — | — | — | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e7e3d. | |||
| CVE-2022-43753 | unknown | — | — | — | ||||
| CVE-2022-3528 | unknown | — | — | — | ||||
| CVE-2022-49201 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnic_xmit() acc… | |||
| CVE-2022-27146 | unknown | — | — | — | GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. | |||
| CVE-2022-36186 | unknown | — | — | — | A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250, which causes a Denial of Service… | |||
| CVE-2022-47091 | unknown | — | — | — | GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c | |||
| CVE-2022-29800 | unknown | — | — | — | A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them bein… | |||
| CVE-2022-26505 | unknown | — | — | — | A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. | |||
| CVE-2022-46280 | unknown | — | — | — | A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary co… | |||
| CVE-2022-42917 | unknown | — | — | — | ||||
| CVE-2022-46289 | unknown | — | — | — | Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary cod… | |||
| CVE-2022-34677 | unknown | — | — | — | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of ser… | |||
| CVE-2022-3531 | unknown | — | — | — | ||||
| CVE-2022-43503 | unknown | — | — | — | ||||
| CVE-2022-48875 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthe… | |||
| CVE-2022-38233 | unknown | — | — | — | XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc. | |||
| CVE-2022-37704 | unknown | — | — | — | Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the at… | |||
| CVE-2022-37708 | unknown | — | — | — | ||||
| CVE-2022-24975 | unknown | — | — | — | The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing… | |||
| CVE-2022-43357 | unknown | — | — | — | Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (… | |||
| CVE-2022-21621 | unknown | — | — | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows high pr… | |||
| CVE-2022-0794 | unknown | — | — | — | Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a cr… | |||
| CVE-2022-48737 | unknown | — | — | — | ||||
| CVE-2022-4121 | unknown | — | — | — | In libetpan a null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c was found that could lead to a remote denial of service or other potential consequences. | |||
| CVE-2022-0470 | unknown | — | — | — | Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-0603 | unknown | — | — | — | Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-25050 | unknown | — | — | — | rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | |||
| CVE-2022-0581 | unknown | — | — | — | Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file | |||
| CVE-2022-0583 | unknown | — | — | — | Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file | |||
| CVE-2022-3725 | unknown | — | — | — | Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file | |||
| CVE-2022-4344 | unknown | — | — | — | Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file | |||
| CVE-2022-0545 | unknown | — | — | — | An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achi… | |||
| CVE-2022-0713 | unknown | — | — | — | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | |||
| CVE-2022-36180 | unknown | — | — | — | Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirect… | |||
| CVE-2022-26496 | unknown | — | — | — | In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO mess… | |||
| CVE-2022-43241 | unknown | — | — | — | Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted v… | |||
| CVE-2022-43239 | unknown | — | — | — | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a… | |||
| CVE-2022-33967 | unknown | — | — | — | squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a … | |||
| CVE-2022-46294 | unknown | — | — | — | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted ma… | |||
| CVE-2022-44011 | unknown | — | — | — | An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnPr… | |||
| CVE-2022-29503 | unknown | — | — | — | A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create … | |||
| CVE-2022-20382 | unknown | — | — | — | ||||
| CVE-2022-0796 | unknown | — | — | — | Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-35978 | unknown | — | — | — | Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu… | |||
| CVE-2022-0797 | unknown | — | — | — | Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||
| CVE-2022-38150 | unknown | — | — | — | In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reaso… | |||
| CVE-2022-34667 | unknown | — | — | — | NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local use… | |||
| CVE-2022-41325 | unknown | — | — | — | An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash … | |||
| CVE-2022-28085 | unknown | — | — | — | A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). | |||
| CVE-2022-41838 | unknown | — | — | — | A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker c… | |||
| CVE-2022-25802 | unknown | — | — | — | Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. | |||
| CVE-2022-34665 | unknown | — | — | — | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to d… | |||
| CVE-2022-32096 | unknown | — | — | — | Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE … | |||
| CVE-2022-41649 | unknown | — | — | — | A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory,… | |||
| CVE-2022-41977 | unknown | — | — | — | An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An a… | |||
| CVE-2022-0849 | unknown | — | — | — | Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. | |||
| CVE-2022-26291 | unknown | — | — | — | lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of S… | |||
| CVE-2022-25638 | unknown | — | — | — | In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certif… | |||
| CVE-2022-0462 | unknown | — | — | — | Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2022-46908 | unknown | — | — | — | SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions su… | |||
| CVE-2022-31253 | unknown | — | — | — | An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/gr… | |||
| CVE-2022-2477 | unknown | — | — | — | Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HT… | |||
| CVE-2022-31620 | unknown | — | — | — | In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded los… | |||
| CVE-2022-43244 | unknown | — | — | — | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Se… | |||
| CVE-2022-31002 | unknown | — | — | — | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This ty… | |||
| CVE-2022-35469 | unknown | — | — | — | OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384. | |||
| CVE-2022-35471 | unknown | — | — | — | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41b0. | |||
| CVE-2022-2616 | unknown | — | — | — | Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (… | |||
| CVE-2022-2859 | unknown | — | — | — | Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption … | |||
| CVE-2022-3199 | unknown | — | — | — | Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-26635 | unknown | — | — | — | ||||
| CVE-2022-2121 | unknown | — | — | — | OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. | |||
| CVE-2022-2906 | unknown | — | — | — | An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless th… | |||
| CVE-2022-50031 | unknown | — | — | — | ||||
| CVE-2022-20009 | unknown | — | — | — | ||||
| CVE-2022-23711 | unknown | — | — | — | ||||
| CVE-2022-3593 | unknown | — | — | — | ||||
| CVE-2022-3532 | unknown | — | — | — | ||||
| CVE-2022-1550 | unknown | — | — | — | ||||
| CVE-2022-38126 | unknown | — | — | — | ||||
| CVE-2022-3563 | unknown | — | — | — | A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipula… | |||
| CVE-2022-39177 | unknown | — | — | — | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | |||
| CVE-2022-41420 | unknown | — | — | — | nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component | |||
| CVE-2022-30767 | unknown | — | — | — | nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because… | |||
| CVE-2022-44010 | unknown | — | — | — | An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer o… |